[Owasp-leaders] Please help promote OWASP & avoid the next LinkedIn debacle
eoin.keary at owasp.org
Thu Jun 7 21:13:30 UTC 2012
Why is the cheat sheet not in the reboot list yet!! We could fund awareness, publication and pr efforts!!
Owasp Global Board
+353 87 977 2988
On 7 Jun 2012, at 21:54, Andy Lewis <alewis at owasp.org> wrote:
> Hi Jim - right now it looks to me like we provide good general
> guidance and references to implementation in specific
> languages/frameworks. My intention was to 1) promote awareness, and
> 2) solicit additional references for additional specific languages or
> frameworks to make a great cheat sheet even better.
> All the best,
> On Thu, Jun 7, 2012 at 11:17 AM, Jim Manico <jim.manico at owasp.org> wrote:
>> What changes to the password storage cheat sheet do you have in mind?
>> I maintain that and other pages in the cheat sheet series.
>> Jim Manico
>> (808) 652-3805
>> On Jun 6, 2012, at 4:23 PM, Andy Lewis <alewis at owasp.org> wrote:
>>> Nearly all of my LinkedIn groups have some hysterical mention of the
>>> LinkedIn password hash leak.
>>> Few of them mention the fact that the hashes were unsalted.
>>> OWASP has answers. Please join me in promoting those answers by
>>> "Liking" my posts about salt or publishing your own.
>>> Here's the message I've been posting (yeah, it COULD be more subtle):
>>> <Discussion Field 1>
>>> It's easy to point and laugh at LinkedIn for failing to salt our
>>> passwords, but it's also a good time to remind people about how easy
>>> OWASP has made hashing with salt for some languages:
>>> </Discussion Field 1>
>>> <Discussion Field 2>
>>> The references for the CryptoGraphic Cheat Sheet cover salt for java,
>>> php, and .net.
>>> Anybody aware of any others? Now's a good time to update the cheat
>>> sheet references on OWASP's wiki.
>>> Either way, this is a VERY GOOD TIME to discuss salt w/Developers...
>>> </Discussion Field 2>
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
More information about the OWASP-Leaders